Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Bermuda: PrivCom publishes guidance note on harms caused from misused personal information
The Bermuda Office of the Privacy Commissioner ('PrivCom') published, on 7 September 2021, a guidance note describing the risks and potential harms to individuals that organisations and privacy officers should consider when processing personal information. In particular, the guidance note underscores that under Section 13 of the Personal Information Protection Act ('PIPA') organisations must consider the risk of harm to an individual when they are assessing what security safeguards are needed when they suffer a breach. Additionally, the guidance note states that PIPA's provisions contain flexibility to allow organisations to approach the aforementioned issues in a variety of ways. Furthermore, the guidance note provides a non-exhaustive list of privacy harms for organisations to consider if personal information of individuals gets lost, used in an unauthorised way, or otherwise misused including:
- physical harm;
- economic harm;
- reputational harm;
- relationship harm;
- discrimination harm;
- data quality harm;
- lack of informed choice harm; and
- loss of autonomy harm.
You can read the guidance note here.